Sunday, October 6, 2013

Our PHP web servers were powered by Linux, either Red Hat Enterprise Linux or CentOS Linux. Normally we use 5.x version of CentOS or RHEL, but after a few years running 5.x we decided that its now time to upgrade to 6.x.
The first problem we encounter is that the SAPCAR utility shows loading shared libraries error.

But it is not missing... whats wrong here ? See the details. LDD's output is that the libraries in the '/lib' folder, and the libstdc++ exist in '/usr/lib64'. The /lib folder is for 32-bit libraries. So there the SAPCAR actually requires the 32-bit version. Lets install the 32-bit version :

If you ever happen to want to link against installed librariesin a given directory, LIBDIR, you must either use libtool, andspecify the full pathname of the library, or use the `-LLIBDIR'flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf'

And all is well after that. Well, except that to be able to connect to other servers, we need to set SELinux policy to allow network connection from apache :[root@myserver ~]# getsebool -a | grep httpd | grep networkhttpd_can_network_connect --> offhttpd_can_network_connect_cobbler --> offhttpd_can_network_connect_db --> offhttpd_can_network_memcache --> offhttpd_can_network_relay --> off[root@myserver ~]# setsebool -P httpd_can_network_connect on

It happens that this cryptic error message were caused by missing glibc.i686 library, so the solution is simple :

rra-mobile ~ # yum install glibc.i686 glibc-common.i686

Silent AVC Denial

Another issue that might blocks the extension is SE linux denies access to the directory containing librfccm.so. The problem is, the denial is not logged in alert.log, making troubleshooting difficult if not impossible. The indication is :